Lucene search

[email protected]CVE-2007-1536

HistoryMar 20, 2007 - 8:19 p.m.

CVE-2007-1536

2007-03-2020:19:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2007-1536

integer underflow

file program

arbitrary code execution

heap-based buffer overflow

nvd

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.7%

JSON

Integer underflow in the file_printf function in the “file” program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

CPENameOperatorVersion
file:filefilele4.19

CPE	Name	Operator	Version
file:file	file	le	4.19

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc

docs.info.apple.com/article.html?artnum=305530

lists.apple.com/archives/security-announce/2007/May/msg00004.html

mx.gw.com/pipermail/file/2007/000161.html

openbsd.org/errata40.html#015_file

secunia.com/advisories/24548

secunia.com/advisories/24592

secunia.com/advisories/24604

secunia.com/advisories/24608

secunia.com/advisories/24616

secunia.com/advisories/24617

secunia.com/advisories/24723

secunia.com/advisories/24754

secunia.com/advisories/25133

secunia.com/advisories/25393

secunia.com/advisories/25402

secunia.com/advisories/25931

secunia.com/advisories/25989

secunia.com/advisories/27307

secunia.com/advisories/27314

secunia.com/advisories/29179

security.freebsd.org/advisories/FreeBSD-SA-07:04.file.asc

security.gentoo.org/glsa/glsa-200703-26.xml

security.gentoo.org/glsa/glsa-200710-19.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.512926

support.avaya.com/elmodocs2/security/ASA-2007-179.htm

www.debian.org/security/2007/dsa-1274

www.kb.cert.org/vuls/id/606700

www.mandriva.com/security/advisories?name=MDKSA-2007:067

www.novell.com/linux/security/advisories/2007_40_file.html

www.novell.com/linux/security/advisories/2007_5_sr.html

www.redhat.com/support/errata/RHSA-2007-0124.html

www.securityfocus.com/archive/1/477861/100/0/threaded

www.securityfocus.com/archive/1/477950/100/0/threaded

www.securityfocus.com/bid/23021

www.securitytracker.com/id?1017796

www.ubuntu.com/usn/usn-439-1

www.vupen.com/english/advisories/2007/1040

www.vupen.com/english/advisories/2007/1939

bugs.gentoo.org/show_bug.cgi?id=171452

exchange.xforce.ibmcloud.com/vulnerabilities/36283

issues.rpath.com/browse/RPL-1148

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10658

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2007-1536

nessus20 openvas16 cert1 slackware1 oraclelinux1 debian2 fedora1 freebsd_advisory1 ubuntu1 ubuntucve2 redhat2 prion2 freebsd1 centos2 gentoo3 debiancve2 suse1 cve1 veracode1 securityvulns1 seebug1